1. Field of the Invention
The present invention relates to security in computerized database systems. More specifically, the present invention relates to a method and an apparatus for managing a database system that provides the capability to encrypt and decrypt items in the database.
2. Related Art
Database systems are often used to store sensitive data, such as salary information, which needs to be kept confidential. Ensuring that such information remains confidential is becoming increasingly difficult as computer systems are more commonly interconnected through computer networks. If a computer system is connected to a computer network, such as the Internet, hackers from any continent can potentially break into it. Once hackers break in, they can potentially steal sensitive data from the computer system.
Sensitive data can be protected by storing the sensitive data in encrypted form on a database system. In this way, only an entity that possesses the proper encryption/decryption key can access the sensitive data.
One method of encrypting sensitive data is to allow an application that accesses a database to encrypt the sensitive data before it is stored in the database. Under this method, only the application that accesses the sensitive data possesses the encryption key. Hence, even a system administrator for the database is not able to decrypt the data.
Unfortunately, if the application itself encrypts the data, the database system will not be able to perform queries on the encrypted data because the database system will not be able to decrypt the data. Hence, many of the benefits of using a database system will be lost.
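The limitation described above can be seen in the following added example, which is not part of the original text. It assumes an in-memory SQLite database; the table, names and salaries are constructed, and the HMAC-SHA256 keystream is a standard-library stand-in for a real cipher such as AES-GCM.

```python
import hashlib
import hmac
import os
import sqlite3

APP_KEY = os.urandom(32)  # held only by the application, never given to the database

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: an assumed stand-in for a real cipher, for illustration only.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, value):
    nonce = os.urandom(16)  # fresh nonce per value, so equal salaries encrypt differently
    plain = str(value).encode()
    return nonce + bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))

def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return int(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))

def build_db(key):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, salary BLOB)")
    rows = [("alice", 52000), ("bob", 87000), ("carol", 131000)]  # constructed sample data
    conn.executemany("INSERT INTO employees VALUES (?, ?)",
                     [(n, encrypt(key, s)) for n, s in rows])
    return conn

def query_in_database(conn, threshold):
    # The database compares opaque ciphertext with a number, so the predicate is meaningless.
    cur = conn.execute("SELECT name FROM employees WHERE salary > ? ORDER BY name", (threshold,))
    return [r[0] for r in cur]

def equality_in_database(conn, key, value):
    # Re-encrypting the search value uses a new nonce, so even an equality match finds nothing.
    cur = conn.execute("SELECT name FROM employees WHERE salary = ?", (encrypt(key, value),))
    return [r[0] for r in cur]

def query_in_application(conn, key, threshold):
    # The application has to fetch every row and filter after decrypting it.
    cur = conn.execute("SELECT name, salary FROM employees ORDER BY name")
    return [n for n, blob in cur if decrypt(key, blob) > threshold]
```

The range query run inside the database returns every employee because SQLite orders any BLOB above any integer, while the correct answer is only obtainable by pulling the whole table into the application.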
Another method of encrypting sensitive data is to let the database system manage encryption keys in order to perform encryption and decryption of data. This method allows the database system to perform queries on encrypted data. However, it also makes the encrypted data accessible to a number of database system administrators, who may not be trustworthy. Note that supporting a database system that is available 24 hours per day and seven days a week requires at least five or six system administrators. Any one of these system administrators can potentially compromise the security of encrypted data on the database system.
What is needed is a method and an apparatus for managing a database system that provides the capability to store sensitive data in encrypted form, while minimizing the number of database administrators who can access the encrypted data.